WP-Safety

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Security & Risk Analysis

wordpress.org/plugins/seo-by-rank-math

Rank Math SEO is the best WordPress SEO plugin with the features of many SEO and AI SEO tools in a single package to help multiply your SEO traffic.

3.0M active installs v1.0.265 PHP 7.4+ WP 6.3+ Updated Mar 4, 2026
google-search-consoleredirectionschemaseowordpress-seo
86
A · Safe
CVEs total20
Unpatched0
Last CVESep 11, 2025
Plugin page Download
Safety Verdict

Is Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Safe to Use in 2026?

Generally Safe

Score 86/100

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings has a strong security track record. Known vulnerabilities have been patched promptly.

20 known CVEsLast CVE: Sep 11, 2025Updated 1mo ago
Risk Assessment

The static analysis of "seo-by-rank-math" v1.0.265 reveals a mixed security posture. While the plugin demonstrates good practices by utilizing prepared statements for 90% of its SQL queries and properly escaping 91% of its output, concerns arise from the presence of the `unserialize` function. This function, when used with user-supplied data, can lead to deserialization vulnerabilities, a known risk. The absence of any critical or high-severity taint flows in the analyzed code is a positive sign, indicating that current static analysis did not flag immediate deserialization or path traversal issues within this version's scope. The plugin's attack surface is relatively contained with 13 entry points, all of which appear to have authorization checks.

Key Concerns

  • Dangerous function (unserialize) present
  • Significant vulnerability history (20 CVEs)
  • Known critical vulnerability in history
  • Known high severity vulnerabilities in history
Vulnerabilities
20

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Security Vulnerabilities

CVEs by Year

2 CVEs in 2019
2019
3 CVEs in 2020
2020
1 CVE in 2022
2022
2 CVEs in 2023
2023
8 CVEs in 2024
2024
4 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1
High
4
Medium
15

20 total CVEs

CVE-2025-64350medium · 4.3Missing Authorization

Rank Math SEO <= 1.0.252.1 - Missing Authorization

Sep 11, 2025 Patched in 1.0.253 (55d)
CVE-2025-64351medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Rank Math SEO <= 1.0.252.1 - Authenticated (Subscriber+) Information Exposure

Sep 11, 2025 Patched in 1.0.253 (55d)
CVE-2024-13227medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API

Feb 12, 2025 Patched in 1.0.236 (1d)
CVE-2024-13229medium · 4.3Improper Access Control

Rank Math SEO <= 1.0.235 - Missing Authorization to Authenticated (Contributor+) Arbitrary Schema Deletion

Feb 12, 2025 Patched in 1.0.236 (1d)
CVE-2024-11620high · 7.2Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Rank Math SEO <= 1.0.231 - .htaccess File Manipulation to Remote Code Execution

Nov 22, 2024 Patched in 1.0.232 (5d)
CVE-2024-9161medium · 6.5Missing Authorization

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete

Oct 4, 2024 Patched in 1.0.229 (1d)
CVE-2024-9314high · 7.2Deserialization of Untrusted Data

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Authenticated (Administrator+) PHP Object Injection

Oct 4, 2024 Patched in 1.0.229 (1d)
CVE-2024-4627medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rank Math SEO <= 1.0.218 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 11, 2024 Patched in 1.0.219 (16d)
CVE-2024-4617medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rank Math SEO with AI Best SEO Tools <= 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 15, 2024 Patched in 1.0.219-beta (1d)
CVE-2024-4335medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rank Math SEO with AI Best SEO Tools <= 1.0.217 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 3, 2024 Patched in 1.0.218 (7d)
CVE-2024-3665medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rank Math SEO with AI SEO Tools <= 1.0.216 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleWrapper'

Apr 22, 2024 Patched in 1.0.217 (1d)
CVE-2024-2536medium · 6.4Improper Input Validation

Rank Math SEO with AI SEO Tools <= 1.0.214 - Authenticated(Contributor+) Stored Cross-Site Scripting via HowTo block attributes

Mar 21, 2024 Patched in 1.0.215 (20d)
CVE-2023-32600medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rank Math SEO <= 1.0.119 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 17, 2023 Patched in 1.0.119.1 (190d)
CVE-2023-23888medium · 6.5Relative Path Traversal

RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion

Jan 30, 2023 Patched in 1.0.107.3 (358d)
CVE-2022-36376medium · 5.4Server-Side Request Forgery (SSRF)

Rank Math SEO <= 1.0.95 - Server-Side Request Forgery

Aug 12, 2022 Patched in 1.0.95.1 (529d)
WF-138e0a38-c922-44d1-9fe6-2439ec32cf39-seo-by-rank-mathmedium · 5.4Improper Access Control

Rank Math SEO <= 1.0.42.1 - Missing Authorization

Apr 18, 2020 Patched in 1.0.42.2 (1375d)
CVE-2020-11515high · 7.4Authentication Bypass Using an Alternate Path or Channel

Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint

Mar 25, 2020 Patched in 1.0.41 (1399d)
CVE-2020-11514critical · 9.8Missing Authorization

Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint

Mar 25, 2020 Patched in 1.0.41 (1399d)
CVE-2019-14786medium · 6.5Improper Authorization

Rank Math SEO <= 1.0.27 - Authenticated Settings Reset via reset-cmb Parameter

Jun 21, 2019 Patched in 1.0.27.1 (1677d)
WF-1ed98565-3f86-46c0-a696-13d678f2d523-seo-by-rank-mathhigh · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rank Math SEO <= 1.0.26 - Cross-Site Scripting

Jun 18, 2019 Patched in 1.0.27 (1680d)
Code Analysis
Analyzed Mar 16, 2026

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Code Analysis

Dangerous Functions
2
Raw SQL Queries
8
73 prepared
Unescaped Output
84
802 escaped
Nonce Checks
51
Capability Checks
41
File Operations
4
External Requests
22
Bundled Libraries
2

Dangerous Functions Found

unserialize'sources' => unserialize( $item['sources'] ), //phpcs:ignore -- This will be fixed after moving includes\modules\redirections\class-table.php:240
unserialize$sources = unserialize( trim( $redirection['sources'] ), [ 'allowed_classes' => false ] ); // phpcs:includes\modules\status\class-import-export-settings.php:141

Bundled Libraries

LodashSelect2

SQL Query Safety

90% prepared81 total queries

Output Escaping

91% escaped886 total outputs
Attack Surface

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Attack Surface

Entry Points13
Unprotected0

AJAX Handlers 1

authwp_ajax_wp_helpers_notice_dismissibleincludes\admin\notifications\class-notification-center.php:65

Shortcodes 12

[rank_math_seo_score] includes\class-frontend-seo-score.php:60
[wpseo_address] includes\frontend\class-shortcodes.php:49
[wpseo_map] includes\frontend\class-shortcodes.php:50
[wpseo_opening_hours] includes\frontend\class-shortcodes.php:51
[wpseo_breadcrumb] includes\frontend\class-shortcodes.php:52
[aioseo_breadcrumbs] includes\frontend\class-shortcodes.php:53
[rank_math_contact_info] includes\frontend\class-shortcodes.php:56
[rank_math_breadcrumb] includes\frontend\class-shortcodes.php:59
[rank_math_rich_snippet] includes\modules\schema\class-snippet-shortcode.php:47
[rank_math_review_snippet] includes\modules\schema\class-snippet-shortcode.php:48
[rank_math_html_sitemap] includes\modules\sitemap\html-sitemap\class-sitemap.php:60
[aioseo_html_sitemap] includes\modules\sitemap\html-sitemap\class-sitemap.php:63
WordPress Hooks 64
actionwp_footerincludes\3rdparty\divi\class-divi.php:62
actionelementor/editor/footerincludes\3rdparty\elementor\class-elementor.php:44
actioninitincludes\admin\class-page.php:154
actioninitincludes\admin\metabox\class-taxonomy-screen.php:30
filterpre_term_descriptionincludes\admin\metabox\class-taxonomy-screen.php:41
filterterm_descriptionincludes\admin\metabox\class-taxonomy-screen.php:42
actionplugins_loadedincludes\admin\notifications\class-notification-center.php:60
actionall_admin_noticesincludes\admin\notifications\class-notification-center.php:61
actionshutdownincludes\admin\notifications\class-notification-center.php:62
actionadmin_footerincludes\admin\notifications\class-notification-center.php:63
actionshutdownincludes\class-installer.php:725
actioncreated_categoryincludes\class-rewrite.php:40
actiondelete_categoryincludes\class-rewrite.php:41
actionedited_categoryincludes\class-rewrite.php:42
actioninitincludes\class-rewrite.php:47
actioninitincludes\class-settings.php:41
filterbbp_get_breadcrumbincludes\frontend\class-frontend.php:62
filtercategory_descriptionincludes\frontend\class-frontend.php:81
filterterm_descriptionincludes\frontend\class-frontend.php:82
actionrank_math/headincludes\frontend\class-head.php:73
filtercategory_linkincludes\helpers\class-sitepress.php:100
filterget_termincludes\helpers\class-sitepress.php:105
filterterms_clausesincludes\helpers\class-sitepress.php:110
filterget_terms_argsincludes\helpers\class-sitepress.php:115
filterhome_urlincludes\helpers\class-sitepress.php:142
filterupload_mimesincludes\helpers\class-wordpress.php:779
filterwp_check_filetype_and_extincludes\helpers\class-wordpress.php:780
actionrank_math/module_changedincludes\module\class-manager.php:55
actionrank_math/analytics/sync_sitemapsincludes\modules\analytics\workflows\class-jobs.php:59
filtershould_load_block_editor_scripts_and_stylesincludes\modules\content-ai\class-content-ai-page.php:50
actionaction_scheduler/created_tableincludes\modules\database-tools\class-database-tools.php:237
filterrank_math/replacements/non_cacheableincludes\modules\database-tools\class-update-score.php:164
actionrank_math/redirection/clean_trashedincludes\modules\redirections\class-admin.php:118
filterrank_math/schema/block/faq-blockincludes\modules\schema\blocks\faq\class-block-faq.php:69
filterrank_math/schema/block/howto-blockincludes\modules\schema\blocks\howto\class-block-howto.php:72
filterrank_math/seo_analysis/testsincludes\modules\seo-analysis\seo-analysis-tests.php:20
filterrank_math/seo_analysis/testsincludes\modules\seo-analysis\seo-analysis-tests.php:102
filterrank_math/seo_analysis/testsincludes\modules\seo-analysis\seo-analysis-tests.php:144
actionshutdownincludes\modules\sitemap\class-cache-watcher.php:75
actionupdate_optionincludes\modules\sitemap\class-cache-watcher.php:76
actiondeleted_term_relationshipsincludes\modules\sitemap\class-cache-watcher.php:77
filterwp_sitemaps_enabledincludes\modules\sitemap\class-redirect-core-sitemaps.php:39
actionrank_math/sitemap/hit_indexincludes\modules\sitemap\class-sitemap.php:57
filterpre_site_transient_update_pluginsincludes\modules\version-control\class-rollback-version.php:95
filtergettextincludes\modules\version-control\class-rollback-version.php:96
filterweb_stories_enable_metadataincludes\modules\web-stories\class-web-stories.php:36
filterweb_stories_enable_schemaorg_metadataincludes\modules\web-stories\class-web-stories.php:37
filterweb_stories_enable_open_graph_metadataincludes\modules\web-stories\class-web-stories.php:38
filterweb_stories_enable_twitter_metadataincludes\modules\web-stories\class-web-stories.php:39
filterjetpack_enable_open_graphincludes\opengraph\class-facebook.php:43
filteroption_rewrite_rulesincludes\rest\class-headless.php:155
filteris_protected_metaincludes\rest\class-shared.php:155
actionadmin_initrank-math.php:215
actionadmin_noticesrank-math.php:216
actionafter_setup_themerank-math.php:315
actioninitrank-math.php:316
filterplugin_row_metarank-math.php:319
actionplugins_loadedrank-math.php:324
actionrest_api_initrank-math.php:325
actionplugins_loadedrank-math.php:329
actionplugins_loadedrank-math.php:334
actionplugins_loadedrank-math.php:339
actionafter_setup_themerank-math.php:407
actioncurrent_screenrank-math.php:416

Scheduled Events 2

rank_math/content-ai/update_plan
rank_math/sitemap/hit_index
Maintenance & Trust

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 4, 2026
PHP min version7.4
Downloads170.7M

Community Trust

Rating98/100
Number of ratings7,375
Active installs3.0M
Alternatives

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Alternatives

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

surerank

A
97

SureRank – SEO Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

300K 1 CVE
Xagio SEO – AI Powered SEO

Xagio SEO – AI Powered SEO

xagio-seo

C
64

Xagio is the only WordPress SEO plugin built with AI to help you rank fast, rank higher, and optimize for SEO using advanced AI for insane SEO results &hellip;

10K 1 unpatched
Rankology SEO and Analytics Tool

Rankology SEO and Analytics Tool

rankology-seo-and-analytics-tool

A
99

Rankology SEO and Analytics Tool is a powerful, fast, and easy-to-use SEO plugin that helps WordPress sites rank higher in search engines.

300 1 CVE
ShieldClimb – Remove Hentry and Hatom

ShieldClimb – Remove Hentry and Hatom

shieldclimb-remove-hentry-and-hatom

A
100

Remove hentry and hatom microformats in WordPress to fix SEO issues, improve search rankings, and enhance your site's overall performance.

40 No CVEs
SEOX

SEOX

seo-x

A
85

SEO X is the one stop WordPress SEO plugin that will fix your SEO issues and will help you to get better ranking following Google guidelines.

0 No CVEs
Developer Profile

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings Developer Profile

Rank Math SEO

2 plugins · 3.2M total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
439 days
View full developer profile
Detection Fingerprints

How We Detect Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/seo-by-rank-math/assets/admin/css/main.css/wp-content/plugins/seo-by-rank-math/assets/admin/css/vendor.css/wp-content/plugins/seo-by-rank-math/assets/admin/js/main.js/wp-content/plugins/seo-by-rank-math/assets/admin/js/vendor.js/wp-content/plugins/seo-by-rank-math/assets/front/css/main.css/wp-content/plugins/seo-by-rank-math/assets/front/css/vendor.css/wp-content/plugins/seo-by-rank-math/assets/front/js/main.js/wp-content/plugins/seo-by-rank-math/assets/front/js/vendor.js
Generator Patterns
Rank Math SEO
Script Paths
/wp-content/plugins/seo-by-rank-math/assets/admin/js/main.js/wp-content/plugins/seo-by-rank-math/assets/admin/js/vendor.js/wp-content/plugins/seo-by-rank-math/assets/front/js/main.js/wp-content/plugins/seo-by-rank-math/assets/front/js/vendor.js
Version Parameters
seo-by-rank-math/assets/admin/css/main.css?ver=seo-by-rank-math/assets/admin/css/vendor.css?ver=seo-by-rank-math/assets/admin/js/main.js?ver=seo-by-rank-math/assets/admin/js/vendor.js?ver=seo-by-rank-math/assets/front/css/main.css?ver=seo-by-rank-math/assets/front/css/vendor.css?ver=seo-by-rank-math/assets/front/js/main.js?ver=seo-by-rank-math/assets/front/js/vendor.js?ver=

HTML / DOM Fingerprints

CSS Classes
rank-math-notice
HTML Comments
<!-- This site is optimized with Rank Math SEO -->
Data Attributes
data-rank-math="true"
JS Globals
rankMath
REST Endpoints
/wp-json/rankmath/v1
FAQ

Frequently Asked Questions about Rank Math SEO – AI SEO Tools to Dominate SEO Rankings